#ifndef _NT_MEMORY_H_ #define _NT_MEMORY_H_ #include "nt_abi.h" #include "nt_object.h" typedef enum _nt_memory_info_class { NT_MEMORY_BASIC_INFORMATION, NT_MEMORY_WORKING_SET_LIST, NT_MEMORY_SECTION_NAME, NT_MEMORY_BASIC_VLM_INFORMATION } nt_memory_info_class; /* memory allocation granularity: same on all supported systems */ #define NT_ALLOCATION_GRANULARITY (0x10000) /* memory (de)allocation types */ #define NT_MEM_PAGE_GUARD 0x00000100 /* protect */ #define NT_MEM_COMMIT 0x00001000 /* commit */ #define NT_MEM_RESERVE 0x00002000 /* reserve only */ #define NT_MEM_DECOMMIT 0x00004000 /* decommit but maintain reservavion */ #define NT_MEM_RELEASE 0x00008000 /* decommit and cancel reservation */ #define NT_MEM_RESET 0x00080000 /* make obsolete */ #define NT_MEM_TOP_DOWN 0x00100000 /* allocate at highest possible address using a slow and possibly buggy algorithm */ #define NT_MEM_WRITE_WATCH 0x00200000 /* track writes */ #define NT_MEM_PHYSICAL 0x00400000 /* physical view */ #define NT_MEM_RESET_UNDO AVOID 0x01000000 /* only after a successful NT_MEM_RESET */ #define NT_MEM_LARGE_PAGES 0x20000000 /* use large-page support */ #define NT_MEM_FREE 0x00010000 /* informational only: nt_memory_basic_information.state */ #define NT_MEM_IMAGE 0x01000000 /* informational only: nt_memory_basic_information.type */ #define NT_MEM_MAPPED 0x00040000 /* informational only: nt_memory_basic_information.type */ #define NT_MEM_PRIVATE 0x00020000 /* informational only: nt_memory_basic_information.type */ /* memory page access bits */ #define NT_PAGE_NOACCESS (uint32_t)0x01 #define NT_PAGE_READONLY (uint32_t)0x02 #define NT_PAGE_READWRITE (uint32_t)0x04 #define NT_PAGE_WRITECOPY (uint32_t)0x08 #define NT_PAGE_EXECUTE (uint32_t)0x10 #define NT_PAGE_EXECUTE_READ (uint32_t)0x20 #define NT_PAGE_EXECUTE_READWRITE (uint32_t)0x40 #define NT_PAGE_EXECUTE_WRITECOPY (uint32_t)0x80 /* working set list entries: basic attributes */ #define NT_WSLE_PAGE_NOT_ACCESSED 0x0000 #define NT_WSLE_PAGE_READONLY 0x0001 #define NT_WSLE_PAGE_EXECUTE 0x0002 #define NT_WSLE_PAGE_EXECUTE_READ 0x0003 #define NT_WSLE_PAGE_READWRITE 0x0004 #define NT_WSLE_PAGE_WRITECOPY 0x0005 #define NT_WSLE_PAGE_EXECUTE_READWRITE 0x0006 #define NT_WSLE_PAGE_EXECUTE_WRITECOPY 0x0007 /* working set list entries: extended attributes */ #define NT_WSLE_PAGE_NO_CACHE 0x0008 #define NT_WSLE_PAGE_GUARD_PAGE 0x0010 #define NT_WSLE_PAGE_SHARE_COUNT_MASK 0x00E0 #define NT_WSLE_PAGE_SHAREABLE 0x0100 /* ntapi_zw_lock_virtual_memory lock types */ #define NT_LOCK_VM_IN_WSL 0x0001 #define NT_LOCK_VM_IN_RAM 0x0002 typedef struct _nt_memory_basic_information { void * base_address; void * allocation_base; uint32_t allocation_protect; size_t region_size; uint32_t state; uint32_t protect; uint32_t type; } nt_memory_basic_information; typedef struct _nt_memory_working_set_list { uintptr_t number_of_pages; uintptr_t nt_working_set_list_entry[]; } nt_memory_working_set_list; typedef struct _nt_memory_section_name { nt_unicode_string section_name; wchar16_t section_name_buffer[]; } nt_memory_section_name, nt_mem_sec_name; typedef int32_t __stdcall ntapi_zw_allocate_virtual_memory( __in void * hprocess, __in_out void ** base_address, __in uint32_t zero_bits, __in_out size_t * allocation_size, __in uint32_t allocation_type, __in uint32_t protect); typedef int32_t __stdcall ntapi_zw_free_virtual_memory( __in void * hprocess, __in_out void ** base_address, __in_out size_t * free_size, __in uint32_t deallocation_type); typedef int32_t __stdcall ntapi_zw_query_virtual_memory( __in void * hprocess, __in void * base_address, __in nt_memory_info_class mem_info_class, __out void * mem_info, __in size_t mem_info_length, __out size_t * returned_length __optional); typedef int32_t __stdcall ntapi_zw_protect_virtual_memory( __in void * hprocess, __in void ** base_address, __in size_t * protect_size, __in uint32_t protect_type_new, __out uint32_t * protect_type_old); typedef int32_t __stdcall ntapi_zw_read_virtual_memory( __in void * hprocess, __in void * base_address, __out char * buffer, __in size_t buffer_length, __out size_t * bytes_written); typedef int32_t __stdcall ntapi_zw_write_virtual_memory( __in void * hprocess, __in void * base_address, __in char * buffer, __in size_t buffer_length, __out size_t * bytes_written); typedef int32_t __stdcall ntapi_zw_lock_virtual_memory( __in void * hprocess, __in_out void ** base_address, __in_out size_t * lock_size, __in uint32_t lock_type); typedef int32_t __stdcall ntapi_zw_unlock_virtual_memory( __in void * hprocess, __in_out void ** base_address, __in_out size_t * lock_size, __in uint32_t lock_type); typedef int32_t __stdcall ntapi_zw_flush_virtual_memory( __in void * hprocess, __in_out void ** base_address, __in_out size_t * flush_size, __in nt_io_status_block * flush_type); typedef int32_t __stdcall ntapi_zw_allocate_user_physical_pages( __in void * hprocess, __in_out uintptr_t * number_of_pages, __out uintptr_t * arr_page_frame_numbers); typedef int32_t __stdcall ntapi_zw_free_user_physical_pages( __in void * hprocess, __in_out uintptr_t * number_of_pages, __in uintptr_t * arr_page_frame_numbers); typedef int32_t __stdcall ntapi_zw_map_user_physical_pages( __in void * base_address, __in_out uintptr_t * number_of_pages, __in uintptr_t * arr_page_frame_numbers); typedef int32_t __stdcall ntapi_zw_map_user_physical_pages_scatter( __in void ** virtual_addresses, __in_out uintptr_t * number_of_pages, __in uintptr_t * arr_page_options); typedef uint32_t __stdcall ntapi_zw_get_write_watch( __in void * hprocess, __in uint32_t flags, __in void * base_address, __in size_t region_size, __out uintptr_t * buffer, __in_out uintptr_t * buffer_entries, __out uintptr_t * granularity); typedef uint32_t __stdcall ntapi_zw_reset_write_watch( __in void * hprocess, __in void * base_address, __in size_t region_size); #endif